Hi all,

I wonder if anyone has any advice. We changed password policy to 20000 days a 
few weeks ago.

Over the weekend, passwords expired and now we cannot login. All admin accounts 
are essentially unusable.
Seems to be this issue: https://fedorahosted.org/freeipa/ticket/3312

Any ideas how to get the admin accounts working again? We can't even login to 
reverse the password policy change.
When we attempt to use the commands we get:

ipa: ERROR: did not receive Kerberos credentials

Of course, we can't kinit. Fortunately, it's only a small network of machines, 
so it's fairly humorous. We'd rather not have to rebuild though or recover 
backups.
I presume we just need to somehow get into LDAP without authentication and 
force change policy.

Thanks,

Jason

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to